mån 2006-02-27 klockan 10:16 -0500 skrev Meyerovich Aleksandr EB_NY:
> I'd used NTLM authentication before switching to the LDAP. NTLM is a
> legacy authentication protocol. Our forest/domain is now all
> 2003/XP/2000. Eventually I'd like to disable the NTLM. It would be good
> if squid 3.0 can support Kerberos bind to MS LDAP.
One Problem is that most client's cant do Kerberos to a proxy. But it
seems MSIE7 will finally suppot this.
Another problem is that Samba is not entirely up to speed to support
Kerberos authenitcation. But the technology preview of Samba-4 should
work..
A third smaller problem is that Squid-2.5 does not support Kerberos
authentication either. Patch available from devel.squid-cache.org or
wait for Squid-3.0.
But for all practical purposes NTLMv2 works.. just not as efficient or
reliable. But for 2.5 you need to remember to enable the use of the
negotiate packet in your squid.conf..
Regards
Henrik
This archive was generated by hypermail pre-2.1.9 : Wed Mar 01 2006 - 12:00:04 MST